VIRTUAL MACHINE PROTECTION

Block malicious and intrusive actions such as spreading malware, executing operating system commands, file system browsing and C&C communication

Reduce service disruption to any part of, or the entire, virtual ecosystem

The design, implementation and deployment of modern network architectures, such as virtualization and cloud, continue to be a game-changing strategy for many organizations. Virtualizing the data center, migrating to the cloud, or a combination of both, have demonstrated significant operational and economic advantages. However, vulnerabilities within virtual environments are well-documented. New ones are discovered regularly that yield serious security implications and challenges. Ensuring application services are delivered safely, efficiently and in a scalable manner, while combating threats harmful to all parts of the virtual framework, including virtual machines (VMs), application workloads and data, must be among the top priorities.

NSv is easily deployed and provisioned in a multi-tenant virtual environment, typically between virtual networks (VNs). This allows it to capture communications and data exchanges between virtual machines for automated breach prevention, while establishing stringent access control measures for data confidentiality and VM safety and integrity. Security threats (such as cross-virtual-machine or side-channel attacks, common network-based intrusions, and application and protocol vulnerabilities) are neutralized successfully through SonicWall's comprehensive suite of security inspection services¹. All VM traffic is subjected to multiple threat analysis engines, including intrusion prevention, gateway anti-virus and anti-spyware, cloud anti-virus, botnet filtering, application control and Capture Advanced Threat Protection multi-engine sandboxing.

Segmentation Security

For optimal effectiveness against Advanced Persistent Threats (APTs), network security segmentation must apply an integrated set of dynamic, enforceable barriers to advanced threats. With segment-based security capabilities, NSv can group similar interfaces and apply the same policies to them, instead of having to write the same policy for each interface. By applying security policies to the inside of the VN, segmentation can be configured to organize network resources into different segments, and allow or restrict traffic between those segments. This way, access to critical internal resources can be strictly controlled.

NSv can automatically enforce segmentation restrictions based upon dynamic criteria, such as user identity credentials, geo-IP location and the security stature of mobile endpoints. For extended security, NSv is also capable of integrating multi-gigabit network switching into its security segment policy and enforcement. It directs segment policy to traffic at switching points throughout the network, and globally manages segment security enforcement from a single pane of glass.

Since segments are only as effective as the security that can be enforced between them, NSv applies intrusion prevention service (IPS) to scan incoming and outgoing traffic on the VLAN segment to enhance security for internal network traffic. For each segment, it enforces a full range of security services on multiple interfaces based on enforceable policy.

Flexible Deployment Use Cases

With infrastructure support for high availability (HA) implementation, NSv fulfills the scalability and availability requirements of Software Defined Data Centers (SDDC). It ensures system resiliency, service reliability, and regulatory conformance. Optimized for a broad range of public, private and hybrid deployment use cases, NSv can adapt to service-level changes and ensure VMs and their application workloads and data assets are available, as well as secure. It can do it all at multi-Gbps speed and low latency.

Organizations gain all the security advantages of a physical firewall, with the operational and economic benefits of virtualization. This includes system scalability, operation agility, provisioning speed, simple management and cost reduction.

The NSv Series is available in multiple virtual flavors carefully packaged for a broad range of virtualized and cloud deployment use cases. Delivering multi-gigabit threat prevention and encrypted traffic inspection performance, the NSv Series can adapt to capacity-level increases and ensure VN safety, and that application workloads and data assets are available as well as secure.

Governs Centrally

NSv deployments are centrally managed both on premises with SonicWall GMS³ and with SonicWall Capture Security Center³, an open, scalable cloud security management, monitoring, reporting and analytics software that is delivered as a cost-effective as-a-service offering.

Capture Security Center gives the ultimate in visibility, agility and capacity to govern the entire SonicWall virtual and physical firewall ecosystem with greater clarity, precision, and speed - all from a single-pane-of-glass.

Features:

SonicOS Platform

The SonicOS architecture is at the core of every SonicWall physical and virtual firewall including the NSv and NSa Series, SuperMassive™ Series and TZ Series. Refer to the SonicWall SonicOS Platform datasheet for a complete list of features and capabilities.

Automated breach prevention¹

This includes complete advanced threat protection, including high-performance intrusion and malware prevention, and cloud-based sandboxing.

Around-the-clock security¹

New threat updates are automatically pushed to firewalls in the field with active security services, and take effect immediately without reboots or interruptions.

Zero-day protection¹

NSv protects against zero-day attacks with constant updates against the latest exploit methods and techniques that cover thousands of individual exploits.

Threat API

NSv receives and leverages any and all proprietary, original equipment manufacturer and third-party intelligence feeds to combat advanced threats, such as zero-day, malicious insider, compromised credentials, ransomware and advanced persistent threats.

Zone protection

NSv strengthens internal security by segmenting the network into multiple security zones, with intrusion prevention service keeping threats from propagating across the zone boundaries. Creating and applying access rules and NAT policies to traffic passing through the various interfaces, it can allow or deny internal or external network access based on various criteria.

Application intelligence and control¹

With application-specific policies, NSv provides granular control over network traffic on the level of users, email addresses, schedules, and IP subnets. It controls custom applications by creating signatures based on specific parameters or patterns unique to an application in its network communications. Internal or external network access is allowed or denied based on various criteria.

Data leakage prevention

NSv provides the ability to scan streams of data for keywords. This restricts the transfer of certain file names, file types, email attachments, attachment types, email with certain subjects, and email or attachments with certain keywords or byte patterns.

Application layer bandwidth management

Using packet monitor, NSv can select among various bandwidth management settings to reduce network bandwidth usage by an application. This helps gain further control over the network.

Secure communication

NSv ensures that data exchange between groups of virtual machines is done securely, including isolation, confidentiality, integrity, and information flow control within these networks via use of segmentation.

Access control

NSv validates that only VMs that satisfy a given set of conditions are able to access data that belongs to another through the use of VLANs.

User authentication

NSv creates policies to control or restrict VM and workload access by unauthorised users.